A peek inside the PickPocket Botnet

by Dancho Danchev

Malicious attackers quickly adapt to emerging trends, and therefore constantly produce new malicious releases. One of these recently released underground tools is the PickPocket Botnet, a web-based command and control interface for controlling a botnet.

Let's review its core features and find out just how easy it is to purchase within the cybercrime ecosystem.

As you can see in the attached screenshot, the seller of the PickPocket Botnet has managed to infect 388 hosts, with 12 of them currently online. What are some of the core features of the botnet kit?

PickPocket bots have DDoS functionality and spread over email and AutoRun. Updated versions of the bot also spread over P2P, with the botnet master adding functionality to the botnet on a periodic basis. Moreover, the bot is capable of killing antivirus software on Windows XP, 2003 and 2000, as well as harvesting email addresses from the infected PC and then spamming them.

The botnet master is facilitating sales using Liberty Reserve and is offering a managed service that includes 3 months of hosting for the botnet's command and control infrastructure.